RBL cache {Scanned by HJMS}

[Kevin Spicer]

On Sat, 2003-09-13 at 15:46, Ugo Bellavance wrote:

>I'm terribly sorry.  I effectively didn't realise that.  I looked at
>the
>link you gave, and please tell me if I'm wrong.  To do a RBL query, we
>simply do a reverse-lookup on the IP address, using a RBL server as DNS
>server, instead of a conventionnal mail server, and if the result is
>part of
>a particular zone, the server is identified as a spam source?

Thats nearly it.  An example may help....

Lets say we want to check to see if ipaddress 10.11.12.13 is blacklisted
by relays.rbl.org  we send a DNS lookup for 13.12.11.10.relays.rbl.org
to our local DNS server, which in turn forwards the query to the
appropriate name server (for the domain relays.rbl.org).  Depending on
the RBL in question the data returned indicates whether a domain is
listed or not (for example by returning an IP in the loopback range such
as 127.0.0.2).  Some RBLs take this further and provide a variety of
different IPs which can be interpreted with different meanings.  When
the local DNS server receives the reply it sends it on to you and caches
it.

Yes this is a similar priciple to reverse DNS lookups, but it is not a
reverse lookup (reverse lookups always go to in-addr.arpa, e.g.
13.12.11.10.in-addr-arpa).  It is in fact a forward lookup, but to a
domain which behaves in a particular way.






BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.